Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning

In this paper, we propose and evaluate the application of unsupervised machine learning to anomaly detection for a Cyber-Physical System (CPS). We compare two methods: Deep Neural Networks (DNN) adapted to time series data generated by a CPS, and one-class Support Vector Machines (SVM). These method...

Full description

Saved in:
Bibliographic Details
Main Authors: Jun Inoue, Yamagata, Yoriyuki, Yuqi Chen, Poskitt, Christopher M., Jun Sun
Format: Conference Proceeding
Language:English
Subjects:
Actuators
Anomaly detection
Computer architecture
deep neural network
machine learning
Monitoring
Sensors
support vector machine
Support vector machines
Time series analysis
water treatment system
Citations: Items that cite this one
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by cdi_FETCH-LOGICAL-c286t-990627a863944f34ef3a7ce80087c5dc2aa4d11917295de3ee8efd7e5a256dd33
cites
container_end_page 1065
container_issue
container_start_page 1058
container_title
container_volume
creator Jun Inoue
Yamagata, Yoriyuki
Yuqi Chen
Poskitt, Christopher M.
Jun Sun
description In this paper, we propose and evaluate the application of unsupervised machine learning to anomaly detection for a Cyber-Physical System (CPS). We compare two methods: Deep Neural Networks (DNN) adapted to time series data generated by a CPS, and one-class Support Vector Machines (SVM). These methods are evaluated against data from the Secure Water Treatment (SWaT) testbed, a scaled-down but fully operational raw water purification plant. For both methods, we first train detectors using a log generated by SWaT operating under normal conditions. Then, we evaluate the performance of both methods using a log generated by SWaT operating under 36 different attack scenarios. We find that our DNN generates fewer false positives than our one-class SVM while our SVM detects slightly more anomalies. Overall, our DNN has a slightly better F measure than our SVM. We discuss the characteristics of the DNN and one-class SVM used in this experiment, and compare the advantages and disadvantages of the two methods.
doi_str_mv 10.1109/ICDMW.2017.149
format conference_proceeding
fullrecord <record><control><sourceid>ieee_CHZPO</sourceid><recordid>TN_cdi_ieee_primary_8215783</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>8215783</ieee_id><sourcerecordid>8215783</sourcerecordid><originalsourceid>FETCH-LOGICAL-c286t-990627a863944f34ef3a7ce80087c5dc2aa4d11917295de3ee8efd7e5a256dd33</originalsourceid><addsrcrecordid>eNotjk1LwzAYgKMgOOeuXrzkD7Tmo2mS4-j8GHQIurLjeGneamVNRxKF_nsLenoODzw8hNxxlnPO7MO22uwOuWBc57ywF-SGK2lKaRgTl2QhpFaZFcpek1WMX4wxbmVhrViQt7UfBzhNdIMJ29SPnnZjoEAPkDDQfUBIA_pE36eYcKBN7P0HbXz8PmP46SM6uoP2s_dIa4TgZ3tLrjo4RVz9c0map8d99ZLVr8_bal1nrTBlyqxlpdAwX9qi6GSBnQTd4rxsdKtcKwAKx7nlWljlUCIa7JxGBUKVzkm5JPd_3R4Rj-fQDxCmoxFcaSPlL3FiT6A</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning</title><source>IEEE Xplore All Conference Series</source><creator>Jun Inoue ; Yamagata, Yoriyuki ; Yuqi Chen ; Poskitt, Christopher M. ; Jun Sun</creator><creatorcontrib>Jun Inoue ; Yamagata, Yoriyuki ; Yuqi Chen ; Poskitt, Christopher M. ; Jun Sun</creatorcontrib><description>In this paper, we propose and evaluate the application of unsupervised machine learning to anomaly detection for a Cyber-Physical System (CPS). We compare two methods: Deep Neural Networks (DNN) adapted to time series data generated by a CPS, and one-class Support Vector Machines (SVM). These methods are evaluated against data from the Secure Water Treatment (SWaT) testbed, a scaled-down but fully operational raw water purification plant. For both methods, we first train detectors using a log generated by SWaT operating under normal conditions. Then, we evaluate the performance of both methods using a log generated by SWaT operating under 36 different attack scenarios. We find that our DNN generates fewer false positives than our one-class SVM while our SVM detects slightly more anomalies. Overall, our DNN has a slightly better F measure than our SVM. We discuss the characteristics of the DNN and one-class SVM used in this experiment, and compare the advantages and disadvantages of the two methods.</description><identifier>EISSN: 2375-9259</identifier><identifier>EISBN: 1538638002</identifier><identifier>EISBN: 9781538638002</identifier><identifier>DOI: 10.1109/ICDMW.2017.149</identifier><identifier>CODEN: IEEPAD</identifier><language>eng</language><publisher>IEEE</publisher><subject>Actuators ; Anomaly detection ; Computer architecture ; deep neural network ; machine learning ; Monitoring ; Sensors ; support vector machine ; Support vector machines ; Time series analysis ; water treatment system</subject><ispartof>2017 IEEE International Conference on Data Mining Workshops (ICDMW), 2017, p.1058-1065</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c286t-990627a863944f34ef3a7ce80087c5dc2aa4d11917295de3ee8efd7e5a256dd33</citedby></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/8215783$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,23930,23931,25140,27925,54555,54932</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/8215783$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Jun Inoue</creatorcontrib><creatorcontrib>Yamagata, Yoriyuki</creatorcontrib><creatorcontrib>Yuqi Chen</creatorcontrib><creatorcontrib>Poskitt, Christopher M.</creatorcontrib><creatorcontrib>Jun Sun</creatorcontrib><title>Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning</title><title>2017 IEEE International Conference on Data Mining Workshops (ICDMW)</title><addtitle>ICDMW</addtitle><description>In this paper, we propose and evaluate the application of unsupervised machine learning to anomaly detection for a Cyber-Physical System (CPS). We compare two methods: Deep Neural Networks (DNN) adapted to time series data generated by a CPS, and one-class Support Vector Machines (SVM). These methods are evaluated against data from the Secure Water Treatment (SWaT) testbed, a scaled-down but fully operational raw water purification plant. For both methods, we first train detectors using a log generated by SWaT operating under normal conditions. Then, we evaluate the performance of both methods using a log generated by SWaT operating under 36 different attack scenarios. We find that our DNN generates fewer false positives than our one-class SVM while our SVM detects slightly more anomalies. Overall, our DNN has a slightly better F measure than our SVM. We discuss the characteristics of the DNN and one-class SVM used in this experiment, and compare the advantages and disadvantages of the two methods.</description><subject>Actuators</subject><subject>Anomaly detection</subject><subject>Computer architecture</subject><subject>deep neural network</subject><subject>machine learning</subject><subject>Monitoring</subject><subject>Sensors</subject><subject>support vector machine</subject><subject>Support vector machines</subject><subject>Time series analysis</subject><subject>water treatment system</subject><issn>2375-9259</issn><isbn>1538638002</isbn><isbn>9781538638002</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2017</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotjk1LwzAYgKMgOOeuXrzkD7Tmo2mS4-j8GHQIurLjeGneamVNRxKF_nsLenoODzw8hNxxlnPO7MO22uwOuWBc57ywF-SGK2lKaRgTl2QhpFaZFcpek1WMX4wxbmVhrViQt7UfBzhNdIMJ29SPnnZjoEAPkDDQfUBIA_pE36eYcKBN7P0HbXz8PmP46SM6uoP2s_dIa4TgZ3tLrjo4RVz9c0map8d99ZLVr8_bal1nrTBlyqxlpdAwX9qi6GSBnQTd4rxsdKtcKwAKx7nlWljlUCIa7JxGBUKVzkm5JPd_3R4Rj-fQDxCmoxFcaSPlL3FiT6A</recordid><startdate>201711</startdate><enddate>201711</enddate><creator>Jun Inoue</creator><creator>Yamagata, Yoriyuki</creator><creator>Yuqi Chen</creator><creator>Poskitt, Christopher M.</creator><creator>Jun Sun</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>201711</creationdate><title>Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning</title><author>Jun Inoue ; Yamagata, Yoriyuki ; Yuqi Chen ; Poskitt, Christopher M. ; Jun Sun</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c286t-990627a863944f34ef3a7ce80087c5dc2aa4d11917295de3ee8efd7e5a256dd33</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2017</creationdate><topic>Actuators</topic><topic>Anomaly detection</topic><topic>Computer architecture</topic><topic>deep neural network</topic><topic>machine learning</topic><topic>Monitoring</topic><topic>Sensors</topic><topic>support vector machine</topic><topic>Support vector machines</topic><topic>Time series analysis</topic><topic>water treatment system</topic><toplevel>online_resources</toplevel><creatorcontrib>Jun Inoue</creatorcontrib><creatorcontrib>Yamagata, Yoriyuki</creatorcontrib><creatorcontrib>Yuqi Chen</creatorcontrib><creatorcontrib>Poskitt, Christopher M.</creatorcontrib><creatorcontrib>Jun Sun</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE/IET Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Jun Inoue</au><au>Yamagata, Yoriyuki</au><au>Yuqi Chen</au><au>Poskitt, Christopher M.</au><au>Jun Sun</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning</atitle><btitle>2017 IEEE International Conference on Data Mining Workshops (ICDMW)</btitle><stitle>ICDMW</stitle><date>2017-11</date><risdate>2017</risdate><spage>1058</spage><epage>1065</epage><pages>1058-1065</pages><eissn>2375-9259</eissn><eisbn>1538638002</eisbn><eisbn>9781538638002</eisbn><coden>IEEPAD</coden><abstract>In this paper, we propose and evaluate the application of unsupervised machine learning to anomaly detection for a Cyber-Physical System (CPS). We compare two methods: Deep Neural Networks (DNN) adapted to time series data generated by a CPS, and one-class Support Vector Machines (SVM). These methods are evaluated against data from the Secure Water Treatment (SWaT) testbed, a scaled-down but fully operational raw water purification plant. For both methods, we first train detectors using a log generated by SWaT operating under normal conditions. Then, we evaluate the performance of both methods using a log generated by SWaT operating under 36 different attack scenarios. We find that our DNN generates fewer false positives than our one-class SVM while our SVM detects slightly more anomalies. Overall, our DNN has a slightly better F measure than our SVM. We discuss the characteristics of the DNN and one-class SVM used in this experiment, and compare the advantages and disadvantages of the two methods.</abstract><pub>IEEE</pub><doi>10.1109/ICDMW.2017.149</doi><tpages>8</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier EISSN: 2375-9259
ispartof 2017 IEEE International Conference on Data Mining Workshops (ICDMW), 2017, p.1058-1065
issn 2375-9259
language eng
recordid cdi_ieee_primary_8215783
source IEEE Xplore All Conference Series
subjects Actuators
Anomaly detection
Computer architecture
deep neural network
machine learning
Monitoring
Sensors
support vector machine
Support vector machines
Time series analysis
water treatment system
title Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-01T14%3A02%3A01IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Anomaly%20Detection%20for%20a%20Water%20Treatment%20System%20Using%20Unsupervised%20Machine%20Learning&rft.btitle=2017%20IEEE%20International%20Conference%20on%20Data%20Mining%20Workshops%20(ICDMW)&rft.au=Jun%20Inoue&rft.date=2017-11&rft.spage=1058&rft.epage=1065&rft.pages=1058-1065&rft.eissn=2375-9259&rft.coden=IEEPAD&rft_id=info:doi/10.1109/ICDMW.2017.149&rft.eisbn=1538638002&rft.eisbn_list=9781538638002&rft_dat=%3Cieee_CHZPO%3E8215783%3C/ieee_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c286t-990627a863944f34ef3a7ce80087c5dc2aa4d11917295de3ee8efd7e5a256dd33%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=8215783&rfr_iscdi=true